[CentOS] NFS client firewall config?

Thu Feb 18 11:00:53 UTC 2010
Rudi Ahlers <Rudi at SoftDux.com>

Hi all,

Which ports do I need to have open on an NFS client's firewall to allow it
to connect to a remote NFS servers?

When I disable iptables (using ConfigServerFirewall), it connects fine, but
as soon as I enable it, NFS gives me this error:
root at saturn:[~]$ mount master1.mydomain.co.za:/saturn /bck
mount: mount to NFS server 'master1.mydomain.co.za' failed: RPC Error:
Unable to send.

I have added ports 111 & 2049 in both the TCP & UDP ingres & exgress ranges,
but that doesn't seem to help. portmap & nfs is running as well. But as I
say, as soon as I disable the firewall, it mounts fine.

Google search results reveal a lot of different ports, like 4000:4004,
83xxxx (something, I forgot) but it still doesn't help.


root at saturn:[~]$ rpcinfo -p
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100021    1   udp  48996  nlockmgr
    100021    3   udp  48996  nlockmgr
    100021    4   udp  48996  nlockmgr
    100021    1   tcp  47195  nlockmgr
    100021    3   tcp  47195  nlockmgr
    100021    4   tcp  47195  nlockmgr
    100011    1   udp   4004  rquotad
    100011    2   udp   4004  rquotad
    100011    1   tcp   4004  rquotad
    100011    2   tcp   4004  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100005    1   udp   4003  mountd
    100005    1   tcp   4003  mountd
    100005    2   udp   4003  mountd
    100005    2   tcp   4003  mountd
    100005    3   udp   4003  mountd
    100005    3   tcp   4003  mountd



-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20100218/c8721264/attachment-0004.html>